GSM Mobile Security

1. Introduction

Introduction To GSM

GSM (Global System for Mobile Communications) represents a standard developed by the European Telecommunications Standard Institute (ETSI), in order to describe the second generation technologies, or “2G”, known as digital cellular networks. Created as a replacement for the first generation, the analog cellular networks, the GSM standard described in the first place a digital, circuit switched network optimized for full duplex voice telephony. This standard was amplified over time to include the first circuit data transport and after, the packet data transport via GPRS.

The GSM association estimates that the defined technologies in the GSM standard are serving 80% of the world’s population.

2. Problem Statement

Cellular Networks

In the recent years, the cellular networks have vastly progressed in their performance aptitudes, but despite this evolution, the security of these networks remains extremely outdated.

The needs for security in the systems of cellular telecommunication were to ensure the privacy of the conversations and to signal data from interception as well as to prevent cellphone fraud. With the older analog-based cellphone systems such as the AMPS (Advanced Mobile Phone System) and the TACS (Total Access Communication System), it is a relatively easy way for the radio hobbyist to intercept cellphone conversations with a police scanner. Some other security circumstance with cellphone telecommunications systems regards identification credentials such as the ESN (Electronic Serial Number), which are send “in the clear” in analog systems. With more complex equipment, there is the possibility to receive the ESN and apply it in order to commit cellphone fraud by “cloning” another cellphone and placing call with it.

The procedure wherein the MS (Mobile Station) records its location with the system is also susceptible to interception and allows the subscriber’s location to be monitored even when there is no call in progress.

The mechanisms of security and authentication implemented in GSM make it the most secure mobile communication standard available, particularly comparing to the analog systems described above. Part of the enhanced security of GSM is due to the fact that it is a digital system using a coding algorithm, GMSK (Gaussian Minimum Shift Keying) digital modulation, slow frequency hopping, and TDMA (Time Division Multiple Access) time slot architecture.

Cellular networks are characterized by high-speed, high-capacity voice and data communication, which due to the increasing popularity of the cellular devices, these networks are being used nowadays for more than just phone calls and entertainment. They started to represent the main way of communication for more actions than we can imagine. They are now our lifeline of communication.

Cellular networks have numerous vulnerabilities that can provide access to adversaries. This happens due to the fact that cellular networks were not designed with security in the first place. They just evolved from the old-fashioned phone networks which were built just for performance.

In order to ensure that the possible attackers will not access the networks to cause breakdowns, the cellular networks must maintain a high level of security. An Internet connection from the cellular network not only that it imports all Internet vulnerabilities, but also gives subscribers direct access to the control infrastructure of the cellular network. Therefore, the cellular environment became an insecure, open network with numerous unknown operators having nonproprietary access to it.

The purpose of security

All frauds result in a loss to the operator. It is important to recognize that this loss may be in terms of:

• No direct financial loss, where the result is lost customers and increase in use of the system with no revenue

• Direct financial loss, where money is paid out to others

• Potential embarrassment, where customers may move to another service because of the lack of security

• Failure to meet legal and regulatory requirements, such as License conditions, Companies Acts or Data Protection Legislation

The main objective for GSM system is to make the system as secure as the public switched phone network. At the same time a judgment must be made of the cost and effectiveness of the security measures.